package com.zhangfei.vote;

import com.fasterxml.jackson.annotation.JsonAlias;
import jdk.nashorn.internal.ir.debug.JSONWriter;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.FilterInvocation;
import org.springframework.stereotype.Component;

import java.util.Collection;

@Component
public class CustomAccessDecisionVoter implements AccessDecisionVoter<FilterInvocation> {

    @Override
    public boolean supports(ConfigAttribute configAttribute) {
        return true;
    }
    @Override
    public boolean supports(Class<?> clazz) {
        return FilterInvocation.class.isAssignableFrom(clazz);
    }
    @Override
    public int vote(Authentication authentication, FilterInvocation object,
                    Collection<ConfigAttribute> attributes) {
        // 实现你的投票逻辑
        // 返回ACCESS_GRANTED, ACCESS_DENIED, 或 ACCESS_ABSTAIN
        // 检查请求的URL是否为/user
        String requestUrl = object.getRequestUrl();
        if ("/user".equals(requestUrl)) {
            // 如果URL是/user，则返回ACCESS_DENIED
            return ACCESS_GRANTED;
        }

        // 如果不是/user，或者你还想基于其他条件进行投票，可以添加更多逻辑
        // 这里我们简单地返回ACCESS_ABSTAIN，表示我们不做决定，让其他Voter来处理
        return ACCESS_GRANTED;
    }


}